Zensen 2 Posted ... If you're running AirVPN on Linux you probably don't want to have to type your sudo password in each time it runs. Why? If you're auto-starting it, you want your network lock and VPN connection to happen as soon as you login. Here's what I did for Ubuntu (Actually Kubuntu)... Install gksu (sudo apt install gksu) Add AirVPN to your autostart list and for command use gksudo /usr/bin/airvpn Run sudo nano /usr/share/applications/AirVPN.desktop and change the command to gksudo /usr/bin/airvpn Edit the AirVPN entry in your application launcher and change the command to gksudo /usr/bin/airvpn Run sudo visudo and add the line %airvpn ALL=(ALL:ALL) NOPASSWD: /usr/bin/airvpn after all other rules (Press Ctrl+x and then Enter to exit and save). Run sudo groupadd airvpn Run sudo usermod -a -G airvpn user replacing "user" with your account's username. You're done. The next time you login (Or start it any any other way) AirVPN will start without entering any password. Note: Your AirVPN settings will be back to default after doing this. Don't worry, just set them again and they'll save. 2 LZ1 and electrikapricot reacted to this Share this post Link to post
Staff 9971 Posted ... We very strongly recommend to not apply this solution for security reasons. Kind regards 3 Flx, lessthantom and jabberwock reacted to this Share this post Link to post
Zensen 2 Posted ... We very strongly recommend to not apply this solution for security reasons. Kind regards Still useful for those who may want to, this solution could use some extra security. The application has to be run as su to begin with so there's no more security concern there in that regard. Of course it would be nice to be able to restrict the alteration of eddie client's files. I'm not sure if some solution exists to restrict file modifications based on hashing. I'd be surprised if there wasn't. Even Windows does this and will not grant admin privs automatically to a file that has been modified since it was whitelisted. I'll search for such a solution on Linux. There must be some way. Share this post Link to post
HullMeister 0 Posted ... did all of the above, a now the gui just sits on desktop waiting for me to put username/password in, not even pre-filled as before Hide HullMeister's signature Hide all signatures Share this post Link to post
corrado 100 Posted ... You should not use gksu anymore - it's heavily deprecated and has been abandoned by many popular distributions, e.g. Ubuntu. what Share this post Link to post
corrado 100 Posted ... You should not use gksu anymore - it's heavily deprecated and has been abandoned by many popular distributions, e.g. Ubuntu. what Share this post Link to post
rnd227 0 Posted ... It just doesn't work as advertised. Any other suggestion on the topic would be very welcome ! Share this post Link to post
keikari 9 Posted ... (edited) Go with the solution in 2 posts below this one, it's how it actually should be done. What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.Also asking for learning purpose. I'm using Fedora 28 EDIT: And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy Set line <allow_active>auth_admin</allow_active> to <allow_active>yes</allow_active> and no password is asked. Is this safe enough for normal personal use? Edited ... by keikari 1 ambiguity reacted to this Share this post Link to post
ambiguity 0 Posted ... What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.Also asking for learning purpose. I'm using Fedora 28 EDIT: And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy Set line <allow_active>auth_admin</allow_active> to <allow_active>yes</allow_active> and no password is asked. Is this safe enough for normal personal use?Thank you so much for this description! It's unbearable to enter password each time I want to run eddie...PS : Works also on Ubuntu! Share this post Link to post
corrado 100 Posted ... What is difference in starting Airvpn-Eddie with 'eddie-ui' and 'sudo eddie-ui'.If there is important difference, is it possible to somehow start the app with 'eddie-ui' command without needing to enter Authentication password.Also asking for learning purpose. I'm using Fedora 28 EDIT: And just 15min later I found answer: Edit /usr/share/polkit-1/actions/org.airvpn.eddie.ui.policy Set line <allow_active>auth_admin</allow_active> to <allow_active>yes</allow_active> and no password is asked. Is this safe enough for normal personal use? In my opinion, it's a bad practice to alter the policy file provided by Eddie. I would rather define a new rule: Create a new file under /etc/polkit-1/rules.d named "49-eddie_nopasswd.rules" (or anything similar to that) with the following content: Quotepolkit.addRule(function(action, subject) { if ((action.id == "org.airvpn.eddie.ui.policy") && subject.isInGroup("wheel")) { return polkit.Result.YES; }}): 1 keikari reacted to this Share this post Link to post
j7j3 7 Posted ... If you can't be bothered typing in your password for Eddie then you can use this launch script. #!/bin/bashprintf 'YOURPASSWORD\n' | sudo -S eddie-ui Save it as yourscript.sh (whatever you want) into $HOME/bin and make sure $HOME/bin is in your paths with 'echo $PATH'. If you do not see $HOME/bin then add this to .profile # set PATH so it includes user's private bin if it existsif [ -d "$HOME/bin" ] ; then PATH="$HOME/bin:$PATH"fi Change the permissions so only you can read or write to it also chmod u+x,go-rwx $HOME/bin/yourscript.sh For security reasons however (as staff said above) it's inadvisable to do this.... Share this post Link to post
rnd227 0 Posted ... If you can't be bothered typing in your password for Eddie then you can use this launch script. #!/bin/bash printf 'YOURPASSWORD\n' | sudo -S eddie-ui Maybe not elegant, but it works. Thank you very much ! Share this post Link to post
corrado 100 Posted ... #!/bin/bashprintf 'YOURPASSWORD\n' | sudo -S eddie-ui While this works, it's not a good idea to save your password in what is essentially a text file. Above, I have posted a solution using polkit rules that is more secure. Share this post Link to post
rnd227 0 Posted ... You're right. Thanks you. I'm using qomui, by the way. Share this post Link to post
luxc0r0 0 Posted ... On 8/13/2018 at 9:22 AM, corrado said: In my opinion, it's a bad practice to alter the policy file provided by Eddie. I would rather define a new rule: Create a new file under /etc/polkit-1/rules.d named "49-eddie_nopasswd.rules" (or anything similar to that) with the following content: Quote Is this method deprecated or distro specific? In Mint 19 (which is essentially Ubuntu 18.04) I have no rules.d/ director under /etc/polkit-1/ so I created /etc/polkit-1/localauthority.conf.d/49-eddie_nopasswd.conf I copied your data for the file contents, but substituted "sudo" for "wheel" as the latter does not exist on my system but the former does. When attempting to run eddie-ui & from the terminal, the application never launches, I just receive a hanging messaged saying Restarting with admin privileges (method:pkexec-policy) And ps -A revealed that no process of eddie-ui is running. EDIT: SOLUTION FOLLOWS It is in fact my system that is deprecated and not the other way around! My distribution uses an old version of policy kit which requires a different method than above. If on your system "pkaction --version" yields < 0.106, then creating a ".rules" file is not supported. Instead Create file:/var/lib/polkit-1/localauthority/50-local.d/com.eddie_nopasswd.pkla And for its contents:[launch eddie airvpn] Identity=unix-group:sudo Action=org.airvpn.eddie.ui.policy ResultActive=yes This should be the appropriate method in any distro derivative of Ubuntu 19.04 or lower, whereas corrado's method is appropriate for later versions. Sources: Regarding policy kit versions: https://askubuntu.com/questions/536591/policykit-rules-never-come-into-effect Good syntax examples in Ubuntu 18.04: https://askubuntu.com/questions/1033104/i-cant-make-my-ubuntu-18-04-hibernate-i-tried-use-both-swap-file-and-swap-part/1033139#1033139EDIT EDIT: Now that I am inclined to run eddie-ui in term via --cli flag, I had to also add %sudo ALL=NOPASSWD: /usr/bin/eddie-ui to the sodoers file via visudo command. On some systems that initial %sudo should be %wheel; whatever the group is named on your system Share this post Link to post
tBundy 1 Posted ... On 8/13/2018 at 4:22 PM, corrado said: In my opinion, it's a bad practice to alter the policy file provided by Eddie. I would rather define a new rule: Create a new file under /etc/polkit-1/rules.d named "49-eddie_nopasswd.rules" (or anything similar to that) with the following content: On 8/13/2018 at 4:22 PM, corrado said: Quote polkit.addRule(function(action, subject) { if ((action.id == "org.airvpn.eddie.ui.policy") && subject.isInGroup("wheel")) { return polkit.Result.YES; } }): Thanks! I found though that there is a typo in your code. it ends with colon whereas it needs to be a semicolon to work. Could someone please elaborate the security concerns of applying this rule in some detail? Share this post Link to post
airliner 1 Posted ... (edited) How do I make autostart work with Eddie 2.18.9? edit:Action has changed to org.airvpn.eddie.ui.elevated.policy Edited ... by airliner 1 zerty7418 reacted to this Share this post Link to post